Shodan
Vulnerabilities
Vulnerable Software
Loytec:  Security Vulnerabilities
CVE-2023-46383
LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-30
CVE-2023-46384
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
CVE-2023-46385
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
CVE-2023-46386
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
CVE-2023-46387
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-11-30
CVE-2023-46388
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
CVE-2023-46389
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-11-30
CVE-2023-46382
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-04
CVE-2023-46380
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-04
CVE-2023-46381
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved